RSA Conference 2011: Smartphone threats imminent, security lacking

While smartphones are garnering more attention from the cybercriminal community, most users are not aware of the risks. Meanwhile, the security industry is struggling to develop tools to defend these devices, a panel of experts said on Wednesday at RSA Conference in San Francisco.

For years, members of the information security community have warned that smartphones will increasingly be targeted by cybercriminals as they grow more ubiquitous, said panelist Marcus Sachs, vice president of national security policy at Verizon. Even though mobile malware has been discovered in the wild, many argue that it does not pose a significant threat right now.

But recent history proves that other long-predicted threats – such as attacks targeting critical infrastructure systems – have materialized, Sachs said.

“Our adversaries are entrepreneurs,” he said. “And they are just as mobile as we are.”

Smartphones are appealing to cybercriminals because they contain vast amounts of data and are always connected to the internet, said panelist Joseph Opacki, technical program manager of the FBI's malware analysis program.

The threat of mobile malware was recently highlighted by a team of researchers, including members from the University of Hong Kong and Indiana University in Bloomington, who developed a trojan dubbed Soundminer that can monitor a user's phone calls and steal credit card numbers that are spoken during a conversation or entered into the phone's number keypad. The trojan, which targets phones running Google's Android platform, shows that the threat of mobile malware is real, Opacki said.

“Even though we say this is the year of the mobile threat, people are still downloading any app they want,” said panelist Adam Meyers, director of cybersecurity intelligence at IT services and solutions consulting firm SRA International.

Despite the threats, most users don't even think about smartphones as mobile computers or consider the risks posed by these devices, Opacki said.

“You think you're secure, but mobile devices are the next target for malware writers,” he said.

Because smartphones are essentially full-fledged computers, organizations need to secure them with the same level of protection afforded to PCs, said panelist Winn Schwartau, chairman of smartphone security firm Mobile Active Defense.

But part of the problem is that technological innovation is moving more quickly than security, and vendors are struggling to develop technologies that can protect mobile devices from malware, Meyers said. The market for enterprise-grade smartphone anti-virus solutions, for example, is largely nonexistent, panelists said.

In the meantime, organizations should question whether to support new devices and consider the risks before doing so, Sachs said. Also, user education is extremely important, and organizations should ensure employees are conscious of what they do online.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.